Mingli Yu
a7a92a06a4
Remove obsolete setting regarding the Standard Output
...
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].
Please consider using "journal" or "journal+console"
[1] https://github.com/systemd/systemd/blob/master/NEWS#L202
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
2020-09-23 07:03:02 +00:00
Stéphane Graber
c37c7b91af
Merge pull request #3540 from brauner/2020-09-17/fixes_2
...
lxc-usernsexec: setgroups() similar to other places shouldn't fail on…
2020-09-17 13:11:20 -04:00
Christian Brauner
3f6e5c831e
lxc-usernsexec: setgroups() similar to other places shouldn't fail on EPERM
...
FAIL: lxc-tests: lxc-test-usernsexec (1s)
---
as test-userns executing /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec
uid=1001 gid=1001 name=test-userns subuid=165536 subgid=165536 ver=1:4.0.4-0ubuntu3
lxc-utils=1:4.0.4-0ubuntu3 kver=5.8.0-19-generic
USERNSEXEC=lxc-usernsexec
nouidgid: PASS
myuidgid: FAIL - runtest failed 1
$ lxc-usernsexec -mu:0:1001:1 -mg:0:1001:1 -- /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec inside f0
lxc 20200914222824.562 ERROR utils - utils.c:lxc_setgroups:1363 - Operation not permitted - Failed to setgroups()
kid 73112 is gone 1
subuidgid: PASS
bothsets: PASS
mismatch: PASS
ERRORS: myuidgid
---
Reported-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-09-17 17:46:00 +02:00
Stéphane Graber
b324a25500
Merge pull request #3539 from brauner/2020-09-17/fixes
...
commands: don't fail if unfreeze fails
2020-09-17 11:30:14 -04:00
Christian Brauner
8db8adea44
commands: don't fail if unfreeze fails
...
We can e.g. fail the unfreeze because the freezer cgroup is not available and
then we erroneously report that stopping the container failed.
Closes: #3471.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-09-17 15:51:41 +02:00
Christian Brauner
4226b2e5af
Merge pull request #3532 from alliedtelesis/fix_lxc_attach_crash
...
avoid a NULL pointer dereference in lxc-attach
2020-09-03 10:11:41 +02:00
Christian Brauner
c3941f32de
attach: use lxc_terminal_signal_sigmask_safe_blocked()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-09-03 08:40:52 +12:00
Christian Brauner
3e3f79bdcd
terminal: introduce lxc_terminal_signal_sigmask_safe_blocked()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-09-03 08:40:42 +12:00
Scott Parlane
d9346e19eb
avoid a NULL pointer dereference in lxc-attach
...
Seems to appear when stderr is a terminal and not stdin or stdout.
Signed-off-by: Scott Parlane <scott.parlane@alliedtelesis.co.nz>
2020-09-02 17:04:45 +12:00
Christian Brauner
9cc837ef2c
Merge pull request #3531 from JingWoo/cleancode
...
remove useless parameters
2020-08-28 12:12:56 +02:00
wujing
a7c6e83042
remove useless parameters
...
Signed-off-by: wujing <Jing.Woo@outlook.com>
2020-08-28 16:49:00 +08:00
Stéphane Graber
46fd283b50
Merge pull request #3530 from brauner/2020-08-25/fixes
...
cgroups: fix armhf builds
2020-08-25 08:45:14 -04:00
Christian Brauner
00f848f31a
Merge pull request #3529 from pranaysrivastava/fixup_rootfs_detection
...
Check only rootfs as filesystem type
2020-08-25 12:30:37 +02:00
Christian Brauner
9fd047d158
cgroups: fix armhf builds
...
Link: https://launchpadlibrarian.net/494473462/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu2_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-25 12:27:10 +02:00
Pranay Kr. Srivastava
97edebfacd
Check only rootfs as filesystem type
...
When detecting if rootfs is on ramfs instead of checking "- rootfs
rootfs" which is the " - <file_system> <device>" information only check
the file system type. This is due to a change introduced in kernel where
ramfs file system doesn't set the device to "rootfs" but instead mark it
as "none". By making sure we only check for "rootfs" as the file system
name we also offer backward compatibility with earlier kernels as well.
The kernel commit that introduced this change was
commit f32356261d44d580649a7abce1156d15d49cf20f
Author: David Howells <dhowells@redhat.com>
Date: Mon Mar 25 16:38:31 2019 +0000
vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new
mount API
Signed-off-by: Pranay Kr. Srivastava <pranay.srivastava@pantacor.com>
2020-08-24 13:40:15 +05:30
Stéphane Graber
c22a1a4a52
Merge pull request #3528 from graysky2/master
...
remove deprecated options in lxc.service fixes #3527
2020-08-21 12:10:50 -04:00
Stéphane Graber
256928ac60
Merge pull request #3526 from brauner/2020-08-21/fixes
...
cgfsng: fix cgroup attach cgroup creation
2020-08-21 12:10:29 -04:00
graysky
0c4cd88d4a
remove deprecated options in lxc.service fixes #3527
...
Signed-off-by: graysky <graysky@archlinux.us>
2020-08-21 06:33:49 -04:00
Christian Brauner
c80c9a70bc
cgfsng: fix cgroup attach cgroup creation
...
cgroups/cgfsng.c: In function ‘cgroup_attach_leaf.constprop’:
cgroups/cgfsng.c:2221:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
2221 | *slash = '\0';
| ~~~~~~~^~~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
2213 | char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
| ^~~~~~~~~~~~~
cgroups/cgfsng.c:2229:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
2229 | *slash = '/';
| ~~~~~~~^~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
2213 | char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
| ^~~~~~~~~~~~~
cgroups/cgfsng.c:2229:10: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
2229 | *slash = '/';
| ~~~~~~~^~~~~
cgroups/cgfsng.c:2213:8: note: at offset -13 to object ‘attach_cgroup’ with size 23 declared here
2213 | char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1];
| ^~~~~~~~~~~~~
Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-21 10:32:03 +02:00
Stéphane Graber
9d3b7c97f0
Merge pull request #3522 from avr1254/master
...
Updated documentation to reflect lack of support for pure cgroupv2
2020-08-17 00:04:30 -04:00
Arjun Ramachandrula
b87ed83bbc
Updated documentation to reflect lack of support for pure cgroupv2
...
Signed-off-by: Arjun Ramachandrula <arjun.ramachandrula@gmail.com>
2020-08-15 16:16:03 -04:00
Stéphane Graber
76a59906e8
Merge pull request #3518 from brauner/2020-08-12/fixes
...
lsm: remove the need for atomic operations
2020-08-12 17:31:08 -04:00
Christian Brauner
af04d84752
lsm: remove the need for atomic operations
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-12 22:42:40 +02:00
Stéphane Graber
b799325655
Merge pull request #3517 from brauner/2020-08-10/fixes_2
...
lsm: rewrite
2020-08-11 08:28:19 -04:00
Christian Brauner
3bb6ff017b
lsm: use atomic in case we're used multi-threaded
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-11 10:32:01 +02:00
Christian Brauner
d701d729f6
lsm: rework lsm handling
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-11 09:41:27 +02:00
Stéphane Graber
d333aeb4fe
Merge pull request #3514 from brauner/2020-08-10/fixes
...
conf: terminal and /dev hardening
2020-08-10 14:41:00 -04:00
Christian Brauner
8ea93a0fa7
terminal: harden terminal allocation
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-10 16:05:14 +02:00
Christian Brauner
953db219da
conf: move /dev setup to be file descriptor based
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-10 11:01:42 +02:00
Stéphane Graber
567104e59e
Merge pull request #3513 from brauner/2020-08-09/openat2
...
openat2() and safe mounting
2020-08-09 22:39:45 -04:00
Christian Brauner
d43d5191b5
conf: harden lxc_fill_autodev() via save_mount_beneath_at()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:33 +02:00
Christian Brauner
6f61472bea
file_utils: add exists_dir_at()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:32 +02:00
Christian Brauner
ae9215cfc0
conf: make use of stashed container mountpoint fd in mount_autodev()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:32 +02:00
Christian Brauner
31f8b2fd47
conf: stash file descriptor to root mountpoint in struct lxc_rootfs
...
This way we only need to open it _once_ per container startup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
43535b6d26
utils: introduce safe_mount_beneath_at()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
8b1f4dd9b3
cgfsng: use safe_mount_beneath()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:31 +02:00
Christian Brauner
ee8eeba881
conf: switch mount_autodev() to new safe_mount_beneath() helper
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
65f0afdee2
utils: add safe_mount_beneath() based on openat2()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
2b0c810617
syscalls: add openat2()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-09 19:52:30 +02:00
Christian Brauner
da0fdceb6d
Merge pull request #3512 from stgraber/master
...
lxc-download fixes
2020-08-07 21:40:56 +02:00
Stéphane Graber
e14546e377
lxc-download: Fix retry loop
...
Closes #3511
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-08-07 15:10:25 -04:00
Stéphane Graber
459fef2680
Revert "templates/lxc-download.in: use GPG option --receive-keys instead of --recv-keys"
...
This reverts commit 409040e702.
Testing of both options show identical behavior but receive-keys does
not exist on older releases, so let's revert this.
Closes #3510
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2020-08-07 15:09:01 -04:00
Stéphane Graber
dc9074bb79
Merge pull request #3509 from brauner/2020-08-06/fixes
...
api-extension: add missing seccomp_proxy_send_notify_fd extension
2020-08-06 11:51:32 -04:00
Christian Brauner
0dd2e321c2
api-extension: add missing seccomp_proxy_send_notify_fd extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 17:33:09 +02:00
Stéphane Graber
2a35d949b8
Merge pull request #3508 from brauner/2020-08-06/fixes
...
seccomp: add seccomp_notify_fd_active api extension
2020-08-06 09:27:31 -04:00
Christian Brauner
ec49d30f57
seccomp: send notify fd as part of the message
...
Since we haven't made this official api yet: YOLO
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 15:09:12 +02:00
Christian Brauner
2140576960
seccomp: add seccomp_notify_fd_active api extension
...
which allows to retrieve an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:40:13 +02:00
Stéphane Graber
05af17d749
Merge pull request #3507 from brauner/2020-08-06/fixes
...
seccomp: don't close the mainloop, simply remove the handler
2020-08-06 08:38:06 -04:00
Christian Brauner
eb551cefed
seccomp: don't close the mainloop, simply remove the handler
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:14:10 +02:00
Stéphane Graber
c601840017
Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation
...
macro: define TIOCGPTPEER if missing
2020-08-05 15:14:28 -04:00